Curated catalog of generally useful kpt functions
Updated Apr 28, 2026 - TypeScript
High-performance open-source security scanner combining SAST, SCA, Secret Detection, and IaC analysis, built for developers and CI/CD pipelines, using AI for recommendation!
TrendAI Vision One Container Security Scan Action
Static analysis from configs → Kubernetes NetworkPolicies in seconds
Managing GitHub Advanced Security (GHAS) Controls at Scale
A complete DevSecOps CI/CD automation pipeline for a Node.js application using GitHub Actions, Docker, Trivy security scanning, and Kubernetes (Minikube), implementing shift-left security and cloud-native deployment practices.
Enterprise-style DevSecOps CI/CD pipeline demo using GitHub Actions, Semgrep, CodeQL, TruffleHog, pip-audit, and pre-commit.
Pre-cloud web application security assessment including vulnerability analysis, remediation, and cloud security controls.
Catch IaC security misconfigurations before production. 100+ rules across Terraform, CloudFormation & Ansible. 9 compliance frameworks.
End-to-end DevSecOps CI/CD pipeline integrating SAST, SCA, Secrets Scanning, Container Security, and DAST with automated security gates and deployment blocking using GitHub Actions.
A production-style DevSecOps CI/CD pipeline demonstrating shift-left security with open-source tools. It performs SAST, secrets detection, dependency and container scanning, SBOM generation, and image signing before deploying to Kubernetes. The pipeline can run locally or via GitHub Actions and generates security reports for validation.
Git hooks for improving developer experience and security
Deliver SAST results to GitLab merge request discussions https://github.com/jonny64/sarif2gl/wiki https://npmjs.com/package/sarif2gl
SAGA: The Corporate Paved Road Engine. Transform security from a blocking bottleneck into an invisible architecture via Secretless Deployments, Combating Shadow AI, and a Universal Abstracted Zero Trust Data Bus.
DevSecOps Command Center for the IT Security & Privacy (SPTI) seminar at Escuela Colombiana de Ingeniería Julio Garavito. This project secures the LogiFlow platform through a full Shift-Left (SAST/SCA) and Shift-Right (DAST/Falco) lifecycle. An enterprise-grade monitoring stack with Prometheus, Grafana, and Loki for real-time threat detection.
Zero-Trust DevSecOps pipeline that intercepts IaC pull requests to autonomously detect and remediate compliance violations.
Container version of Featmap for building, planning and communicating product backlogs & releases